// Here we set a variable that controls if error messages will be shown
$showerrors = TRUE;

// Then set a control variable that will signal failure or success
// We will assume failure so only when there is a match access is allowed
$match = FALSE;

// Now we start doing a whole bunch of checks, before we start the real work

// First check if the username and password parameters are available at all.
// These parameters are expected to be POSTED from an html form, so we will
// look in the $_POST array for them.
$username = $_POST["username"];
$password = $_POST["password"];

if ($username == "" || $password == "")
{
// The username or password was not provided, show error message
if ($showerrors) print("Username or password were not provided.<br />");
}
else
{
// The username and password were provided, now check if the database
// file actually exists.
if (!file_exists($databasefile))
{
// The database file does not exist, show error message
if ($showerrors) print("Database file " . $databasefile . " not found.<br />");
}
else
{
// The database file does exist, so read it
$lines = file($databasefile);
// Count the number of lines in the lines array
$linecount = count($lines);
// Check if there is at least one line
if ($linecount < 1)
{
// No lines were found in the lines array, show error message
if ($showerrors) print("No lines found in database file " . $databasefile . ".<br />");
}
else
{
// At least one line was found in the lines array, go through them
for ($i = 0; $i < $linecount; $i++)
{
// Split the current line into parts on the semicolon
$parts = explode(";",$lines[$i]);
// There are supposed to be TWO parts, the username and password
$partcount = count($parts);
if ($partcount != 2)
{
// The number of parts was NOT two, show error message
if ($showerrors) print("The number of parts in line " . $i . " is " . $partcount . ".<br />");
}
else
{
// The number of parts IS two, strip spaces from the parts
$parts[0] = trim($parts[0]);
$parts[1] = trim($parts[1]);

// Now we finally can compare the input to these parts
if ($parts[0] == $username && $parts[1] == $password)
{
// Username AND password correct, we have got a match
$match = TRUE;
// Break out of the for loop to stop going through the lines
break;
}
}
} // The for loop ends here

// Check if there was a match
if ($match == FALSE)
{
// There was no match, go to failed url
header("Location: " . $failedurl);
}
else
{
// There was a match, go to the success url
header("Location: " . $successurl);
}
}
}
}

?>

<?php

// This script is intended to accept a username and password and then

// check that against a database file

// First define the name of the database file here, so it is easy to change

$databasefile = "database.txt";

// Here we define the target locations for success and failure

$successurl = "http://www.google.com";

$failedurl = "http://www.yahoo.com";

// Here we set a variable that controls if error messages will be shown

$showerrors = TRUE;

// Then set a control variable that will signal failure or success

// We will assume failure so only when there is a match access is allowed

$match = FALSE;

// Now we start doing a whole bunch of checks, before we start the real work

// First check if the username and password parameters are available at all.

// These parameters are expected to be POSTED from an html form, so we will

// look in the $_POST array for them.

$username = $_POST["username"];

$password = $_POST["password"];

if ($username == "" || $password == "")

{

// The username or password was not provided, show error message

if ($showerrors) print("Username or password were not provided.<br />");

if ($showerrors) print("The number of parts in line " . $i . " is " . $partcount . ".<br />");

}

else

{

// The number of parts IS two, strip spaces from the parts

$parts[0] = trim($parts[0]);

$parts[1] = trim($parts[1]);

// Now we finally can compare the input to these parts

if ($parts[0] == $username && $parts[1] == $password)

{

// Username AND password correct, we have got a match

$match = TRUE;

// Break out of the for loop to stop going through the lines

break;

}

}

} // The for loop ends here

// Check if there was a match

if ($match == FALSE)

{

// There was no match, go to failed url

header("Location: " . $failedurl);

}

else

{

// There was a match, go to the success url

header("Location: " . $successurl);

}

}

}

}

?>

i get no errrors with this script but i want to know how do i make it check the part[1] as a md5 everything i have tryed is useless it either sends me to the success url because the user names right and any password will do or it sends me to the fail no matter what i enter
thanks for any help that comes

this213

Guru

Posts: 1259

Loc: ./

3+ Months Ago

right offhand, you need to do some more with every one of your "if"s. In your error checking, you currently have:

*edit*
btw - I do realize PHP can handle an if as a statement, but the more explicit you are with your code, the less your chance of failure - so I always put them in blocks.

this213

Guru

Posts: 1259

Loc: ./

3+ Months Ago

Just thought I'd follow up with your md5 question.

You should be md5ing the $password when it gets input, and store your password ($part[1]) as an md5. This way, you don't have to md5 $part[1] when you read it into the script, just md5 $password and compare the two.

the syntax is, quite simply:
$password = md5($password);

You could also make a short script to show you the md5'd password if you need to generate one to store, like so: